Facebook and FBI bust Yahos malware scheme: expert reaction

CBR rounds up expert opinions on the cybercriminal investigation where 10 individuals were arrested for using Yahos Malware on 11 million computers and causing $850m in losses.

Malwarebytes CEO Marcin Kleczynski told CBR

"Cyber criminals are taking full advantage of our growing desire to use social media, so it’s great to see big companies like Facebook working closely with law enforcement. Not only will this serve as a warning to cyber criminals, but it will decrease the amount of malware which is posted on social networks and designed to steal everything from personal details to bank account details.

"The simplest way to keep safe on social networks is to make sure you question every link sent to you, even when it’s from a friend as these can often take you straight to threats. In addition, keep your anti-malware software up to date to ensure the latest stealthy spyware stays away from your PC."

Tal Be’ery, Web Research Team Leader at Imperva

The malware is not unique to Facebook and is reported to spread over other social media such as Instant Messaging (IM). But since Facebook is the most popular social network platform, most of the attacker's attention was dedicated to it. Using Facebook's security team, the FBI was probably able to track the propagation of the malware to its origin and discover the "Patient zero" of the Yahos epidemic. "Patient zero" was probably a fake profile (or profiles) created by the attackers to spread the malware. We assume that, using that account's access details (e.g. IP address), the FBI was given a lead to the people behind the operation.

Users, as well as organizations, can reduce the risk associated with data theft through infected computers by safe behavior, blocking known malware with an antivirus solution (AV) and blocking unknown malware with data access monitoring.

"There are two things to take from this story. First, collaboration as we have seen already in recent weeks – organisations both in the public and private sectors sharing intelligence and providing information to ensure that common applications and systems are not compromised. Criminals are always looking for the weakest link or the mass exploit to reap rewards – this is why we have seen the rise in scams linked to popular applications such as Facebook. Information security professionals have always worked on the principle of ethical disclosure and more and more collaboration between these organisations and businesses will help.

"The second issue is on user awareness. We are a trusting bunch – if our system says it is infected, who are we to ask questions? So individuals need to understand that links that purport to remove viruses from your system often contain viruses! Facebook and others have worked hard to remove these links before the user is tempted, but individuals need to be educated: most, if not all, systems these days come with anti-malware pre-installed – use this, and not the link on the screen, to scan your system. If you don’t have these installed then invest in legitimate software from legitimate sites.

"A simple rule is to never click on any link that purports to provide a free scan – anything for free and all that. In fact be wary of clicking on links in general – copy and paste these to check the full web site address, or retype to ensure that you are on the right web site."

HD Moore, Chief Security Officer at Rapid7 told CBR

"The Yahos botnet was built through one of the most basic, ancient, and avoidable attacks – asking the victim to run an executable. The success of this botnet highlights how little consumer security has improved over the last 15 years. We see the same techniques work again and again, regardless of what the anti-virus and operating systems do to raise the bar. In corporate environments, we have seen major gains due to stricter account policies and pervasive filtering, but these security controls rarely apply to home systems.

"Consumer education will always be necessary, but operating system and browser vendors are still the most crucial part of the consumer security model. The top browser vendors have all made major steps in this area, as have newer operating systems such as Windows 8, but without large-scale adoption security will not improve on the whole for years. For example, according to W3Schools, Windows XP still accounts for 22% of the OS market. By contrast, the latest versions of Internet Explorer (9 and 10) have less than a 22% market share."

Charles Foley, Chairman and CEO of Watchful Software told CBR

"Facebook should be commended for working with the FBI to address this; it shows that Facebook is taking its position as the manager of a cyber-environment seriously. As wonderful and rich a platform as Facebook is, it is truly one more type of environment that has to be monitored and secured, just like a park or shopping mall must be secured and monitored in the real world. And it’s the responsibility of the managers of that environment to provide some level of protection.

"However, the responsibility doesn’t stop there. This botnet attack illustrates how their cyber-environment might be the entry point into a user’s system, but once it leaves the Facebook cyber-environment and is on the user’s system it’s the user’s responsibility. That is where the new generation of advanced persistent security mechanisms, such as e-Biometrics, comes in. With these types of technologies, a system knows if it’s a ‘real person’ in the form of the user themselves entering characters and keystrokes, or if it’s a malware bot basically ‘hijacking’ the session, hence providing the ability to protect and shut down a session if a malware bot like the one spread on Facebook were to invade the system. Without e-Biometrics, malware bots roam free in a system simulating a user, capturing information, doing transactions with disastrous effect."